Vulnerabilities > Redhat > Jboss Enterprise Brms Platform > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-4999 SQL Injection vulnerability in Redhat products
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
network
low complexity
redhat CWE-89
7.5
7.5
2013-10-28 CVE-2013-2186 Improper Input Validation vulnerability in multiple products
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
network
low complexity
redhat ubuntu CWE-20
7.5
7.5